Making Personal Certificates Available on z/OS


To create a personal (subject identification) certificate, use RACF or another security facility such as ACF2 or Top Secret.
Depending on your site's standards, you can create personal (server) certificates on z/OS, or you can create them on another platform and import them into z/OS. For testing purposes, you might want to create a self-signed certificate, because it requires a lower level of RACF authority than creating a certificate signed by a CA. You might also create a self-signed certificate and use it to produce a "certificate signing request" (CSR). You can then use the CSR to obtain a certificate signed by another CA, such as a company in-house certificate authority.
A client can authenticate the server only if it holds the root CA certificate that signed the server's personal certificate, so that root CA certificate must be made available to the clients.
A personal certificate is associated with a private key, but the private key is not part of the certificate itself; only the corresponding public key forms part of the certificate. RACF can generate the private key automatically and store it either in the RACF database or, depending on the options specified, in z/OS ICSF. It is also possible to use an existing private key. In contrast to OpenSSL, you do not need to track the location of the private key when using a personal certificate, because RACF retrieves it automatically.
The following steps assume you are using RACF and that the RACF administrator has already created a suitable CA (site) certificate.
  1. Create a key ring.
  2. Make a personal certificate available on z/OS.
  3. Connect the personal certificate to the key ring.
  4. Connect the CA certificate to the key ring.
  5. Export the CA certificate for use on the client, if necessary.
The following example RACF commands perform these steps, where the pre-existing signing CA certificate is LOCALCA. They also create a private key. To create a self-signed certificate rather than one signed by LOCALCA, remove the SIGNWITH clause from the GENCERT command and replace the following parameters in the EXPORT command:
LABEL('LOCALCA') CERTAUTH
with:
LABEL('MYUSERIDCert1') ID(MYUSERID)
Example:
/* Create a key ring for the application */
RACDCERT ID(MYUSERID) ADDRING(ATTLS_keyring)
SETROPTS RACLIST(DIGTCERT,DIGTNMAP,DIGTRING) REFRESH
/* Create a certificate for the server application */
RACDCERT ID(MYUSERID) GENCERT -
  SUBJECTSDN ( -
    O('MyCompany') -
    CN('MYUSERID.mymachine.myorganization.com') -
    OU('myorganizationunit') -
    C('GB') -
  ) -
  WITHLABEL('MYUSERIDCert1') -
  SIGNWITH(CERTAUTH LABEL('LOCALCA'))
SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH
/* Connect the server certificate to the server's key ring */
RACDCERT ID(MYUSERID) CONNECT(ID(MYUSERID) -
  LABEL('MYUSERIDCert1') -
  RING(ATTLS_keyring) -
  DEFAULT -
  USAGE(personal))
SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH
/* Connect the CA certificate to the server's key ring */
RACDCERT ID(MYUSERID) CONNECT(CERTAUTH -
  LABEL('LOCALCA') -
  RING(ATTLS_keyring) -
  USAGE(certauth))
SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH
/* Export the CA certificate for use by the client (for a self-signed certificate, export the personal certificate instead) */
/* It is stored as text in CERTB64 format, which is compatible with PEM format */
RACDCERT EXPORT(LABEL('LOCALCA')) CERTAUTH -
  DSN('MYUSERID.LOCALCA.CER') -
  FORMAT(CERTB64)
